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CLAIMS 

1. A method for recovering a data repository from a failure affecting a 
primary copy of the data repository, including the steps of: 

maintaining a secondary copy of data sufficient to recover the 
primary copy of the data repository and data items held thereon; 

in response to a failure affecting the primary copy of the data 
repository, recreating a primary copy of the data repository from the 
secondary copy; and 

using a restore process to restore data items to the primary copy 
from the secondary copy within a recovery unit of work, wherein data items 
restored to the primary copy of the data repository within the recovery 
unit of work are made inaccessible to processes other than the restore 
process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the 
primary copy of the data repository to enable addition of data items to 
the data repository independent of said restore .step and to enable 
processes other than the restore process to access said independently 
added data items; and 

in response to successful completion of the restore step, committing 
the recovery unit of work including releasing said inaccessibility of the 
restored data. 

2. A method according to claim 1, wherein maintaining the secondary 
data copy comprises storing a backup copy of the data repository and 
storing log records describing updates to the primary copy performed since 
the backup copy was stored; wherein recreating the primary copy of the 
data repository includes the step of copying data repository definitions 
from the backup copy and applying the definitions to recreate the primary 
copy; and wherein restoring data items to the primary copy comprises 
copying data items from the backup copy and replaying the log records to 
identify and reapply updates to the primary copy. 

3. A method according to claim 1, wherein maintaining the secondary 
data copy includes storing log records that describe updates to the 
primary copy, and wherein the step of restoring the primary copy of the 
repository includes the steps of: 
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replaying the log records of operations performed on data items 
within the primary copy of the data repository, 

caching log records relating to operations performed under syncpoint 
control within an original unit of work, 

determining from the cached log records the state of the original 
units of work at the time of the failure, and 

determining which of said syncpoint-controlled operations to perform 
within the recovery unit of work based on the determined state of the 
original units of work. 

4. A method according to claim 3, including performing operations 
within the recovery unit of work in accordance with the following 
procedure : 

if the original unit of work was committed before the failure 
performing the relevant operations of the committed unit of work; 

if the original unit of work was in-doubt when the failure occurred 
performing the relevant operations of the in-doubt unit of work but 
marking the operations in-doubt; and 

if the original unit of work is neither committed nor in-doubt, 
discarding the_ cached operations. 

5. A method according to claim 3, including discarding from the 
recovery unit of work any pairs of addition -and deletion operations that 
comprise an addition of a data item to the primary copy of the data 
repository and a deletion of the same data item from the primary copy of 
the data repository, on condition that said addition and deletion 
operations were performed and committed before the failure. 

6. A method according to any one of the preceding claims, wherein the 
data repository is a message repository and the step of restoring data to 
the primary copy of the data repository comprises performing message add 
update and delete operations on the message repository. 

7. A method according to claim 6, for performance within a messaging 
communication system, wherein maintaining the secondary data copy includes 
storing log records to describe updates to the primary copy, and wherein 
the step of restoring data to the primary copy of the repository includes 
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the steps of caching log records relating to message add, update and 
delete operations performed under syncpoint control within an original 
unit of work, determining from the log records the state of the original 
unit of work at the time of the failure, and determining the operations to 
perform within the recovery unit of work based on the determined state of 
the original unit of work as follows: 

if the original unit of work is committed, performing the relevant 
message add, update and delete operations; and 

if the original unit of work is in-doubt, performing the relevant 
message add, update and delete operations but marking the operations 
in- doubt ; and 

if the original unit of work is neither committed nor in-doubt, 
discarding the cached operations. 

8. A method according to any one of the preceding claims, wherein data 
restored to the primary copy of the repository within the recovery unit of 
work is made inaccessible by setting a flag for each data item restored to 
the data repository, the flag indicating that the data item is not 
accessible. 

9- A method according to claim 8, wherein the flag indicates a 
transactional state of the data item and wherein a process for accessing 
data items from the repository is adapted to identify one or more 
predefined transactional states as inaccessible. 

10. A method according to claim 8 or claim 9, wherein the flag comprises 
a byte value of a distinctive primary key allocated to the data item when 
the data item is restored to the data repository, the byte value being 
selected from a range of values indicative of the transactional state of 
the data item. 

11. A method according to any one of claims 8 to 10, wherein the step of 
setting a flag comprises: 

setting a first flag for any data item for which the latest 
operation performed on the data item prior to the failure was a committed 
add operation which is to be restored to the data repository within the 
recovery unit of work; and 
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14. a data communication system for transferring messages between a 
sender and a receiver, wherein messages are held in a message repository 
following a message send operation and are then retrieved from the 
repository for delivery to the receiver, and wherein a backup copy of the 
repository is created and log records are written to record message send 
and message retrieval events since creation of the backup copy, the system 
including a recovery component adapted to control the" data communication 
system to perform the following steps: 

in response to a failure affecting the message repository, restoring 
messages to the repository by reference to the backup copy of the 
repository which backup copy was created prior to the failure; 

prior to completion of the recovery processing, configuring the 
repository to enable new messages to be added to the repository and 
retrieved therefrom without awaiting completion of the recovery 
processing; and 

reapplying updates to the message repository corresponding to 
message send and message retrieval operations performed prior to the 
failure, by reference to log records created prior to the failure; 

wherein the steps of restoring messages to the repository and 
reapplying updates to the repository by reference to the backup copy and 
log records are performed within a recovery unit of work and the restored 
messages and reapplied updates are made inaccessible until all message 
repository updates corresponding to send and retrieve operations performed 
prxor to the failure have been reapplied to -the message repository. 

15. A computer program product comprising program code recorded on a 
recording medium for controlling the operation of a data processing 
apparatus on which the program code executes to perform a method for 
recovering a data repository from a failure affecting a primary copy of 
the data repository, for use with a data processing apparatus having a 
secondary data storage and having a component for maintaining a secondary 
copy of data in the secondary data storage which secondary copy is 
sufficient to recover the primary copy of the data repository and data 
items held thereon, the method including the steps of: 

in response to a failure affecting the primary copy of the data 
repository, recreating a primary copy of the data repository from the 
secondary copy; and 
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using a restore process to restore data items to the primary copy 
from the secondary copy within a recovery unit of work, wherein data items 
restored to the primary copy of the data repository within the recovery 
unit of work are made inaccessible to processes other than the restore 
process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the 
primary copy of the data repository to enable addition of data items to 
the data repository independent of said restore step and to enable 
processes other than the restore process to access said independently 
added data items; and 

in response to successful completion of the restore step, committing 
the recovery unit of work including releasing said inaccessibility of the 
restored data. 

16. A computer program for controlling the operation of a data 
processing apparatus on which the program executes to perform a method for 
recovering a data repository from a failure affecting a primary copy of 
the data repository, wherein the data processing apparatus has a secondary 
data storage. area and wherein the computer program includes a component 
for maintaining a secondary copy of data in the secondary data storage 
area which secondary copy is sufficient to recover the primary copy of the 
data repository and data items held thereon, the method including the 
steps of: 

in response to a failure affecting the primary copy of the data 
• repository, recreating a primary copy of the data repository from the 
secondary copy; and 

using a restore process to restore data items to the primary copy 
from the secondary copy within a recovery unit of work, wherein data items 
restored to the primary copy of the data repository within the recovery 
unit of work are made inaccessible to processes other than the restore 
process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the 
primary copy of the data repository to enable addition of data items to 
the data repository independent of said restore step and to enable 
processes other than the restore process to access said independently 
added data items; and 
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in response to successful completion of the restore step, committing 
the recovery unit of work including releasing said inaccessibility of the 
restored data. 

17. A recovery component for recovering a data repository from a failure 
affecting a primary copy of the data repository, for use with a data 
processing system having primary and secondary data storage and having a 
component for maintaining a secondary copy of data in the secondary data 
storage which secondary copy is sufficient to recover the primary copy of 
the data repository and data items held thereon, the recovery component 
being adapted to perform a method including the steps of: 

in response to a failure affecting the primary copy of the data 
repository, recreating a primary copy of the data repository from the 
secondary copy; and 

using a restore process to restore data items to the primary copy 
from the secondary copy within a recovery unit of work, wherein data items 
restored to the primary copy of the data repository within' the recovery 
unit of work are made inaccessible to processes other than the restore 
process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the 
primary copy of the data repository to enable addition of data items to 
the data repository independent of said restore step and to enable 
processes other than the restore process to access said independently 
added data items; and 

in response to successful completion of the restore step, committing 
the recovery unit of work including releasing said inaccessibility of the 
restored data. 



